Network security devices or appliances such as firewalls provide advanced security by applying security policies to network traffic flowing through the network security devices at an application level. To do this, the network security devices inspect the network traffic to ascertain actionable/relevant information therein, such as network destinations, ports, protocols, and application-related information, and then apply the security policies based on the ascertained information. As content in the network traffic becomes increasingly encrypted to avoid content inspection, using techniques associated with Secure Hypertext Transfer Protocol (HTTPS) and certificate pinning, for example, it is increasingly difficult for the network security devices to ascertain the actionable/relevant information about the traffic flow. Additionally, modern malware implements various techniques to evade network security devices by using user-agent strings that mimic legitimate applications.